Protecting nginx with fail2ban

  1. Edit /etc/fail2ban/jail.local and append the following to the end of the file.

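    [nginx]
    enabled = true
    port = 80,443
    # Use the rules in /etc/fail2ban/filter.d/nginx.conf
    filter = nginx
    logpath = /usr/local/nginx/logs/access.log
    action = iptables-multiport[name=404, port="80,443", protocol=tcp]
    # Ban a client for 6 hours once it produces 10 matching lines within 60 seconds
    maxretry = 10
    findtime = 60
    bantime = 6h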
  2. Create /etc/fail2ban/filter.d/nginx.conf with the following content, which defines the matching rule.

    [Definition]
    # Match GET or POST requests answered with 404, 403 or 400; <HOST> captures the client address
    failregex = ^<HOST>.*"(GET|POST).*" (404|403|400) .*$
    ignoreregex =
  3. Restart fail2ban.

    systemctl restart fail2ban
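
To see what the filter and jail thresholds above count before relying on them, the following added example (not part of the original page, and not fail2ban's own code) applies the same failregex and the maxretry/findtime values to a constructed access log. It assumes nginx's default combined log format and approximates `<HOST>` with a simple named group; the helper names and sample addresses are hypothetical.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# failregex from filter.d/nginx.conf; <HOST> is approximated by a named group
# (assumption: real fail2ban expands <HOST> to a stricter IP/hostname pattern).
FAILREGEX = re.compile(
    r'^<HOST>.*"(GET|POST).*" (404|403|400) .*$'.replace("<HOST>", r"(?P<host>\S+)"))
TIMESTAMP = re.compile(r"\[([^\]]+)\]")
MAXRETRY, FINDTIME = 10, 60  # values from the [nginx] jail

def hosts_to_ban(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return hosts with at least `maxretry` matching lines inside `findtime` seconds."""
    recent = defaultdict(deque)   # host -> timestamps of recent matching lines
    banned = []
    for line in lines:
        m = FAILREGEX.match(line)
        ts = TIMESTAMP.search(line)
        if not m or not ts:
            continue              # line is not a failure for this filter
        when = datetime.strptime(ts.group(1), "%d/%b/%Y:%H:%M:%S %z")
        window = recent[m.group("host")]
        window.append(when)
        # Drop failures that fell out of the findtime window.
        while (when - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry and m.group("host") not in banned:
            banned.append(m.group("host"))
    return banned

def log_line(host, second, request, status):
    """Build one constructed line in nginx's default combined format."""
    stamp = "10/Oct/2023:13:%02d:%02d +0000" % divmod(second, 60)
    return '%s - - [%s] "%s HTTP/1.1" %d 153 "-" "curl/8.0"' % (host, stamp, request, status)

# Constructed sample log (documentation addresses, not real traffic).
SAMPLE = (
    [log_line("203.0.113.5", s, "GET /missing%d" % s, 404) for s in range(10)]      # 10 in 10 s
    + [log_line("198.51.100.7", s * 20, "GET /old%d" % s, 404) for s in range(10)]  # 10 in 180 s
    + [log_line("192.0.2.9", s, "GET /index.html", 200) for s in range(12)]         # no error status
    + [log_line("192.0.2.44", s, "HEAD /probe%d" % s, 404) for s in range(12)]      # method not in filter
)

if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE))
```

On the server itself, `fail2ban-regex /usr/local/nginx/logs/access.log /etc/fail2ban/filter.d/nginx.conf` runs the real filter against the real log and reports how many lines matched.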